Parental controls customization and notification

ABSTRACT

A method, system, and computer readable medium are provided for enabling a user and an administrator in a network environment to interactively customize administrator controls used to filter the user&#39;s online actions. The computer receives a user request to perform a blocked online action. The computer provides information about the pending request to the administrator and receives request resolution information from the administrator. The computer updates the administrator controls used to filter the user&#39;s online actions in accordance with the request resolution information.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a divisional of U.S. patent application Ser. No.10/187,408, filed Jun. 28, 2002, priority from the filing date of whichis hereby claimed under 35 U.S.C. § 120.

FIELD OF THE INVENTION

This invention is generally related to the field of computer softwareand more specifically to a method and system for controlling accessacross a network.

BACKGROUND

While the Internet can provide a tremendous amount of information abouta wide variety of subjects, the Internet can also pose dangers,especially for children. Parents want their children to have access tothe many educational resources that can be found on the Internet. At thesame time, parents want to prevent their children from accessing themany Web sites that contain violence, pornography, and other materialinappropriate for children. Even more so, parents want to protect theirchildren from child predators that use the Internet to lure childrenfrom chat rooms to in-person meetings.

In 1998, the Children's Online Privacy Protection Act (“COPPA”) waspassed to prohibit Web sites from gathering personal information fromchildren under the age of 13 without parental consent. While COPPA is asignificant and positive step toward protecting children's privacy whenon the Internet, there are many other dangers on the Internet that COPPAfails to address. COPPA does not protect children from viewinginappropriate material on Web sites. COPPA also does not protectchildren from communicating with strangers that could be child predatorson the Internet.

Conventional computer technology provides a few steps that parents cantake to protect their children from material and individuals that may beharmful. One type of conventional computer technology for protectingchildren is blocking software that blocks access to certain sites thathave been predetermined as inappropriate or which contain key words,such as profanity or sex-related words. Blocking software comes indifferent forms, such as stand-alone software packages, resources on theInternet, and as an online service that allows parents to limit accessto certain sites and features, such as e-mail, instant messages, orcertain content. Popular online services are provided by Internetservice providers such as MSN the Microsoft Network® provided byMicrosoft Corporation of Redmond, Wash. In order to determine whichsites and content are most appropriate for children, child-specificsearch engines, ratings, and review sites have been emerging. Searchengines and directories yield only those sites that have been determinedappropriate for children. Of course, such search engines and blockingsoftware do not automatically protect children from all inappropriatecontent.

While conventional computer technology can aid parents in controllingthe content their child can access on the Internet, the conventionalcomputer technology is not perfect. The blocking software or onlineservices often miss inappropriate sites and block appropriate sites. Itwould be advantageous for parents and children to communicate about theonline controls and to enable parents to customize the online controlsfor children based on those communications. Therefore, there exists aneed for children and parents to communicate regarding the parentalcontrols, with the ability for parents to customize the parentalcontrols based on that communication.

SUMMARY

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This summary is not intended to identify key features ofthe claimed subject matter, nor is it intended to be used as an aid indetermining the scope of the claimed subject matter.

The present invention satisfies the aforementioned needs by providing amethod and system for parental controls customization and notification.Generally described, the parental controls customization andnotification method and system enable a user (e.g., a child) and anadministrator in a network environment (e.g., a parent) to interactivelycustomize the administrator controls used to filter the user's onlineactions. Controls are the filter settings employed to control theactions of the users.

One aspect of the present invention provides a computer-implementablemethod for enabling a user and an administrator in a network environmentto interactively customize administrator controls used to filter theuser's online actions. The computer receives a user request for consentto perform a blocked online action. The computer provides informationabout the pending request to an administrator and receives requestresolution information from the administrator. The computer updates theadministrator controls used to filter a user's online actions with therequest resolution information.

Another aspect of the present invention provides acomputer-implementable method for enabling a user and an administratorin a network environment to interactively customize administratorcontrols used to filter the user's online actions. When the computerreceives a request from a user for consent to perform a blocked onlineaction, the computer determines if an administrator is present and, ifan administrator is present, receives the administrator'sidentification. In response to receiving the administrator'sidentification, the computer authenticates the administrator withoutdenying the user's access to the network environment. Afterauthenticating the administrator, the computer presents the user'srequest to the administrator and determines if the administrator acceptsthe user's request. If the administrator accepts the user's request, thecomputer updates the administrator controls for the user to allow thepreviously blocked action.

Yet another aspect of the present invention provides acomputer-implementable method for enabling a user and an administratorin a network to interactively customize administrator controls used tofilter the user's online actions. The computer tracks and stores theuser's allowed and blocked online actions. The computer generates ahistory summary report from the stored information and provides thehistory summary report to the administrator. If the computer receives anadministrator request to block the user from performing an actionindicated as being allowed in the history summary report, the computerupdates the administrator controls used to filter a user's onlineactions to include blocking the action.

An additional aspect of the present invention provides acomputer-readable medium having computer-executable instructions forenabling a user and an administrator in a network environment tointeractively customize the administrator controls used to filter theuser's online actions. When executed, the instructions cause thecomputer to respond to a user request to perform a blocked online actionby providing information about the pending request to an administrator.In response to the computer receiving request resolution informationfrom the administrator, the computer updates the administrator controlsused to filter a user's online actions with the request resolutioninformation.

Another aspect of the present invention provides a computer-readablemedium having computer-executable instructions for enabling a user andan administrator in a network environment to interactively customizeadministrator controls used to filter the user's online actions. Whenexecuted the instructions cause the computer to respond to receiving arequest from the user to perform a blocked online action by determiningif the administrator is present. If the administrator is present, thecomputer responds to receiving the administrator's identification byauthenticating the administrator without denying the user's access tothe network environment. After authenticating the administrator, thecomputer presents the user's request to the administrator and determinesif the administrator accepts the user's request. If the administratoraccepts the user's request, the computer updates the administratorcontrols for the user to allow the previously blocked action.

A further aspect of the present invention provides a computer-readablemedium having computer-executable instructions for enabling a user andan administrator in a network environment to interactively customizeadministrator controls used to filter the user's online actions. Whenexecuted, the instructions perform a process that includes tracking andstoring the user's allowed and blocked online actions. The processincludes generating a history summary report for the user by generatinga history summary report from the stored information and providing thehistory summary report to the administrator. In response to the computerreceiving an administrator request to block the user from performing anaction indicated as being allowed in the history summary report, theprocess includes updating the administrator controls used to filter auser's online actions to include blocking the action.

A further aspect of the present invention provides a computer-readablemedium having a data structure stored thereon for use in enabling a userand an administrator in a network environment to interactively customizeadministrator controls used to filter the user's online actions. Thepreferred form of the data structure includes a data element indicativeof request identification information, a data element indicative of useridentification information, a data element indicative of administratoridentification information, a data element indicative of informationabout blocked online action, and a data element indicative of requeststatus information. The data structure is used to create an entry in aconsent database for a request to modify the administrator controls usedto filter a user's online actions.

Another aspect of the present invention provides a computer system forenabling a user and an administrator in a network environment tointeractively customize administrator controls used to filter a user'sonline actions. The computer system includes a setting databasecomponent for storing information about the administrator controls usedto filter a user's online actions and an administrator controlcomponent. Preferably, the administrator control component is operableto receive a user request to perform a blocked online action, provideinformation about the pending request to an administrator, receiverequest resolution information from the administrator, and update theadministrator controls for the user in the setting database with therequest resolution information.

Another aspect of the present invention provides a computer system forenabling a user and an administrator in a network environment tointeractively customize administrator controls used to filter the user'sonline actions. The computer system includes a setting databasecomponent for storing information about the administrators controls usedto filter the user's online actions and an administrator controlcomponent. Preferably, the administrator control component is operableto receive a request from a user to perform a blocked online action,determine if an administrator is present and, if an administrator ispresent, receiving the administrator's identification. In response toreceiving the administrator's identification, the administrator controlcomponent authenticates the administrator without denying the user'saccess to the network environment. After authenticating theadministrator, the administrator control component presents the user'srequest to the administrator and determines if the administrator acceptsthe user's request. If the administrator accepts the user's request, theadministrator controls for the user are updated to allow the previouslyblocked action.

Another aspect of the present invention provides a computer system forenabling a user and an administrator in a network environment tointeractively customize administrator controls used to filter the user'sonline actions. The computer system includes a setting databasecomponent for storing information about the administrators controlsbeing used to filter the user's online actions and an administratorcontrol component. Preferably, the administrator control component isoperable to track and store the user's allowed and blocked onlineactions, generate a history summary report from the stored information,and provide the history summary report to the administrator. In responseto receiving an administrator request to block the user from performinga first action indicated as being allowed in the history summary report,the administrative control component updates the administrator controlsfor the user to include blocking the first action.

DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of thisinvention will become more readily appreciated as the same become betterunderstood by reference to the following detailed description, whentaken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a illustration of a representative portion of an internetworksuch as the Internet.

FIG. 2 is a block diagram illustrative of a parental control system inaccordance with one exemplary embodiment of the present invention.

FIG. 3 is a block diagram of the parental control system of FIG. 2illustrating obtaining parental controls in accordance with oneexemplary embodiment of the present invention.

FIGS. 4A and 4B are block diagrams of the parental control system ofFIG. 2 illustrating parentally controlled user actions in accordancewith one exemplary embodiment of the present invention.

FIGS. 5A, 5B, and 5C are block diagrams of the parental control systemof FIG. 2 illustrating the customization of the parental controls inaccordance with one exemplary embodiment of the present invention.

FIG. 6 is a block diagram showing an illustrative operating environmentfor one exemplary embodiment of the present invention.

FIG. 7A is a block diagram showing an illustrative data structureutilized by an exemplary embodiment of the parental control system.

FIG. 7B is a block diagram showing a table of parentally controlledactions in accordance with one exemplary embodiment of the presentinvention.

FIG. 8 is an overview flow diagram illustrating the logic utilized inone embodiment of the present invention.

FIG. 9 is a flow diagram illustrating a routine for receiving a userrequest formed in accordance with one exemplary embodiment of thepresent invention.

FIG. 10 is a flow diagram illustrating a routine for notifying anadministrator of a pending request formed in accordance with oneexemplary embodiment of the present invention.

FIG. 11 is a flow diagram illustrating a request resolution routineformed in accordance with one exemplary embodiment of the presentinvention.

FIG. 12 is a flow diagram illustrating a routine for customizingcontrols formed in accordance with one exemplary embodiment of thepresent invention.

FIG. 13 is a flow diagram illustrating an instant approval routineformed in accordance with one exemplary embodiment of the presentinvention.

FIG. 14 is a flow diagram illustrating a history summary report routineformed in accordance with one exemplary embodiment of the presentinvention.

FIGS. 15 and 16 are flow diagrams illustrating a history integrationroutine formed in accordance with one exemplary embodiment of thepresent invention.

FIG. 17 is a screen diagram showing an illustrative screen display ofthe history summary report in accordance with one exemplary embodimentof the present invention.

DETAILED DESCRIPTION

As briefly described above, the present invention provides methods,systems, and computer readable media for customizing parental controls.FIG. 6 illustrates a representative operating environment, namely, apersonal computer, in which the invention is useful. The illustratedcomputing system environment is only one example of an operatingenvironment in which the invention finds use and is not intended tosuggest any limitation as to the scope of use or functionality of theinvention. Neither should the computing environment be interpreted ashaving any dependency requirement relating to any one or combination ofcomponents illustrated in the exemplary operating environment.

The invention is implementable in numerous other general purposes orspecial computing environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for implementing the invention include, but are not limited to,personal computers, server computers, laptop devices, multiprocessorsystems, microprocessor-based systems, network PCs, minicomputers,mainframe computers, distributed computing environments that include anyof the above systems, or the like.

The many components of a personal computer system 600 that a client andserver computer may consist of are illustrated in FIG. 6 as a computer610, which may include, but is not limited to, a processing unit 620, asystem memory 630, and a system bus 621 that couples various systemcomponents, including the system memory, to the processing unit 620. Thesystem bus 621 may be any of several types of bus structures, includinga memory bus or memory controller, a peripheral bus, and a local bususing any of a variety of bus architectures. By way of example, and notlimitation, such architectures include Industry Standard Architecture(ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA)bus, Video Electronics Standards Association (VESA) local bus, andPeripheral Component Interconnect (PCI) bus, also known as Mezzaninebus. Computer 610 typically includes a variety of computer-readablemedia. Computer-readable media can be any available media that can beaccessed by computer 610 and include both volatile and nonvolatile mediaand removable and nonremovable media. By way of example, and notlimitation, computer-readable media may comprise computer storage mediaand communication media. Computer storage media include both volatileand nonvolatile and removable and nonremovable media implemented in anymethod or technology for storage and information, such ascomputer-readable instructions, data structures, program modules, orother data. Computer storage media include, but are not limited to, RAM,ROM, EEPROM, flash memory or other memory technology, CD-ROM, digitalversatile disk (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium that can be used to store the desired informationand that can be assessed by computer 610. Communication media typicallyembody computer-readable instructions, data structures, program modules,or other data in the modulated data signal, such as a carrier wave orother transport mechanism, and include any information delivery media.The term “modulated data signal” means a signal that has one or more ofits characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media include wired media, such as a wired network ordirect-wired connection, and wireless media, such as acoustic, RF,infrared, and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer-readable media.

The system memory 630 includes computer storage media in the form ofvolatile and/or nonvolatile memory, such as read-only memory (ROM) 631and random-access memory (RAM) 632. A basic input/output system 633(BIOS) contains basic routines that help to transfer information betweenelements within the computer 610, such as program modules that areimmediately accessible to and/or presently being operated on byprocessing unit 620. By way of example, and not limitation, FIG. 6illustrates as operating system 634, application programs 635, otherprogram modules 636, and program data 637.

The computer 610 may also include other removable/nonremovable,volatile/nonvolatile computer storage media. By way of example only,FIG. 6 illustrates a hard disk drive 641 that reads from or writes tononremovable, nonvolatile magnetic media, a magnetic disk drive 651 thatreads from or writes to a removable, nonvolatile magnetic disk 652, andan optical disk drive 655 that reads from or writes to a removable,nonvolatile optical disk 656, such as CD-ROM or other optical media.Other removable/nonremovable, volatile/nonvolatile computer storagemedia that can be used in the exemplary operating environment include,but are not limited to, magnetic tape cassettes, flash memory cards,digital versatile disk, digital videotape, solid state RAM, solid stateROM, and the like. The hard disk drive 641 is typically connected to thesystem bus 621 through a nonremovable memory interface, such asinterface 640, and magnetic disk drive 651 and optical disk drive 655are typically connected to the system bus 621 by a removable memoryinterface, such as interface 650.

The drives and their associated computer storage media, discussed aboveand illustrated in FIG. 6, provide storage of computer-readableinstructions, data structures, program modules, and other data for thecomputer 610. In FIG. 6, for example, hard disk drive 641 is illustratedas storing operating system 644, application programs 645, other programmodules 646, and program data 647. Note that these components can eitherbe the same as or different from operating system 634, applicationprograms 635, other program modules 636, and program data 637. Operatingsystem 644, application programs 645, other program modules 646, andprogram data 647 are given different numbers here to illustrate that, ata minimum, they are different copies. A user may enter commands andinformation to the computer through input devices such as a keyboard 662and pointing device 661, commonly referred to as a mouse, trackball, ortouch pad. Other input devices (not shown) may include a microphone,joystick, game pad, satellite dish, scanner, or the like. These andother input devices are often connected to the processing unit 620through a user-input interface 660 that is coupled to the system bus,but may be connected by other interface and bus structures, such as aparallel port, game port, or universal serial bus (USB). A monitor 691or other type of display device is also connected to the system bus 621via an interface, such as a video interface 690. In addition to themonitor, computers may also include other peripheral output devices,such as speakers 697 and printer 696, which may be connected through anoutput peripheral interface 695.

As discussed earlier, one embodiment of the present invention operatesin a networked environment using logical connections to one or moreremote computers, such as a remote computer. The remote computer may bea personal computer, a server, a router, a network PC, a peer device, orother common network node, and typically includes many or all of theelements described above relative to the computer 610, although only amemory storage device 681 has been illustrated in FIG. 6. The logicalconnections depicted in FIG. 6 include a local area network (LAN) 671and a wide area network (WAN) 673, but may also include other networks.Such networking environments are commonplace in offices, enterprise-widecomputer networks, intranets, and the Internet.

When used in a LAN networking environment, the computer 610 is connectedto the LAN 671 through a network interface or adapter 670. When used ina WAN networking environment, the computer 610 typically includes amodem 672 or other means for establishing communications over the WAN673, such as the Internet. The modem 672, which may be internal orexternal, may be connected to the system bus 621 via the user-inputinterface 660 or other appropriate mechanism. In a networkedenvironment, program modules depicted relative to the computer 610, orportions thereof, may be stored in the remote memory storage device. Byway of example, and not limitation, FIG. 6 illustrates remoteapplication programs 685 as residing on memory storage device 681. Itwill be appreciated that the network connections shown are exemplary,and other means of establishing a communication link between thecomputers may be used.

The term “Internet” refers to a collection of networks and routerscapable of communicating with one another. A representative section ofthe Internet 100 is shown in FIG. 1. The representation section of theInternet 100 shown in FIG. 1 includes a plurality of LANs 120 and WANs130 interconnected by routers 110. The routers 110 are generally specialpurpose computers used to interface one LAN or WAN to another.Communication links within the LANs may be formed by twisted pair wire,coaxial cable, or any other well-known communication linkage technology,including wireless technology. Communication links between networks maybe formed by 56 Kbps analog telephone lines, or 1 Mbps digital T-1 linesand/or 45 Mbps T-3 lines or any other well-known communication linkagetechnology, including wireless technology. Further, computers and otherrelated electronic devices 140 can be remotely connected to either theLANs 120 or the WANs 130 via a modem and temporary telephone link,including a wireless telephone link. Such computers and electronicdevices 140 are shown in FIG. 1 as connected to one of the LANs 120. Itwill be appreciated that the Internet 100 comprises a vast number ofsuch interconnected networks, computers, and routers and that only asmall, representative section of the Internet 100 is shown in FIG. 1.

FIG. 2 is a block diagram of a parental control system 200 forimplementing parental controls in accordance with the invention. Theparental control system 200 shown in FIG. 2 includes a client 202,parental control server 204, filter 210, instant messenger 212, contentproviders 214 and 216, and e-mail 218, interconnected by aninternetwork, such as Internet 100. Also shown in FIG. 2 is a settingdatabase 206 in communication with the parental control server 204 and aconsent database 208 also in communication with the parental controlserver 204. The setting database 206 includes an allow/block list asshown in parenthesis in FIG. 2. In alternative embodiments of thepresent invention, the setting database 206 may reside on the parentalcontrol server 204 or on another computing device that is incommunication with the parental control server 204. Similarly, theconsent database 208 may reside on the parental control server 204 or onanother computer device in communication with the parental controlserver 204. Additionally, while only one client user device 202 isshown, it will be appreciated that many such devices may be included inthe parental control system 200. Similarly, while only two contentproviders 214 and 216 and two online services, e-mail 218 and instantmessenger 212, are shown in FIG. 2, it will be appreciated that manyother content providers and online services may be connected to theInternet 100. Further, while the filter 210 and the setting database206, which includes the allow/block list, are shown as being incommunication across the Internet 100, the filter 210 and theallow/block list may be downloaded to the client 202, which may enhanceperformance. Communications between the client 202, parental controlserver 204, setting database 206, consent database 208, filter 210,instant messenger 212, content providers 214 and 216, and e-mail 218,are further described below in relation to FIGS. 3, 4A-4B, and 5A-5B.

With reference to FIG. 3, an illustrative process for logging on to theInternet and accessing the parental controls server 204 will bedescribed. The process is initiated by the client 202 connecting to theInternet 100. Those of ordinary skill in the art will appreciate thatthere are various different ways to connect to the Internet 100. Forexample, the user may have an account with an Internet service provider(ISP) that supplies Internet connectivity services to individuals,businesses, and other organizations. Alternatively, the user may connectto the Internet through a high-speed communications line, such as a Ticarrier line, that can handle digital communications. Anotheralternative is the user connected to the Internet through a digitalsubscriber line (DSL) that also provides high-speed transmissions overstandard copper telephone wiring. As another example, the user mayutilize a dial-up service, which is a telephone connection provider fora local or worldwide public switch telephone network that providesInternet or intranet access and other resources. The present inventionis not limited to any particular process of connecting to the Internet100.

After the user has connected to the Internet 100, the user is directedto the parental control server 204 and logs onto the parental controlserver 204. The user identifies himself to the parental control server204 by providing identification information, such as a username and apassword. The parental control server 204 authenticates the userutilizing authenticating processes well-known by those of ordinary skillin the art. The parental control server 204 then queries the settingdatabase 206 for the parental controls for the user. In the illustratedembodiment, the setting database 206 includes the allow/block list,which includes a list of parentally controlled actions. The allow/blocklist includes an allow list of the actions allowed by the parent. Theallow/block list also includes a block list of the actions blocked bythe parent. Thus the allow/block list includes customized parentalcontrols for the user logging into the client 202. After querying thesetting database 206, the parental control search results, including theallow/block list for the user, are provided to the parental controlserver 204.

FIGS. 4A and 4B are block diagrams illustrating the process of using theparental controls system 200 to filter the user's online actions inaccordance with one embodiment of the present invention. FIG. 4Aillustrates a user taking an action that is allowed by the parentalcontrols system 200. FIG. 4B illustrates a user attempting to take anaction that is blocked by the parental controls system 200.

FIG. 4A illustrates the user submitting a request to perform action A,which includes any online action. For example, action A may be sendingan electronic message using the Internet-based e-mail 218 service. Oraction A may be sending an instant message using an Internet-basedinstant messenger 212 service. Or action A may be visiting Web sites foraccessing information provided by content providers 214 and 216. Afterthe user has submitted a request to take action A, the parental controlserver 204 receives the user's request to take action A. Or action A maybe having more time online. For example, in one embodiment of thepresent invention, the computer detects that the user's allowed timeonline is about to expire. The user is notified that the allowed timeonline is about to expire and is prompted to submit a request for moretime online. In this exemplary embodiment of the invention, the parentalcontrol server 204 uses the allow/block list to determine whether or notthe user should be allowed to perform action A. Alternatively, theparental control server 204 may download all or a portion of theallow/block list to the client 202 so that the client 202 can apply thedownloaded portions of the allow/block list to determine if action Ashould be allowed. If action A is not found on the block list, action Ais allowed, as illustrated in FIG. 4A.

In an alternative embodiment of the present invention, the parentalcontrol server 204 uses filter 210 in addition to the allow/block listto determine whether or not the user should be allowed to perform actionA. The filter may be an inappropriate word filter, for example.Alternatively, the parental control server 204 may download all or aportion of a filter, such as filter 210 and all or a portion of theallow/block list to the client 202. In such an embodiment of theinvention, the client 202 will apply the downloaded portions of filter210 and the allow/block list to determine whether action A should beallowed. If filter 210 does not block action A and if action A is notfound in the block list, action A is allowed as illustrated in FIG. 4A.Those of ordinary skill in the art will appreciate that the presentinvention may be practiced utilizing various configurations of theallow/block list and filter 210.

FIG. 4B illustrates the user attempting to take action B and action B isblocked by the parental control server 204. More specifically, action Bis blocked if the parental control server 204 determines action B is notin the user's allow list and/or action B is blocked by filter 210. Thatis, the parental control system 200 will block action B even if action Bis not on the user's block list if action B is blocked by filter 210 andvice versa. As described above, different embodiments of the presentinvention block action B at the client level by downloading all orportions of the filter 210 and the allow/block list. FIG. 4B alsoillustrates that the user is notified that action B has been blocked bythe parental control system 200.

FIG. 5A is a block diagram illustrating the user requesting consent toperform the blocked action B. As illustrated in FIG. 5A, the usersubmits a request for consent that is received by the parental controlserver 204. The parental control server 204 creates an entry in theconsent database 208 for the request. In the illustrated embodiment, theparental control server 204 transmits a pending request notificationthrough the Internet to another client 220. The other client 220 may bethe parent or administrator of the client 202. In an alternativeembodiment, the pending request notification is provided to the otherclient 220 when the other client 220 is detected logging onto theparental control server 204. The parental control server 204 queries theconsent database 208 and notifies the other client 220 if any pendingrequests from the client 202 are found.

FIG. 5B is a block diagram illustrating resolution of the pendingrequest for consent to perform action B. As illustrated in FIG. 5B, theother client 220 submits a request resolution through the Internet tothe parental control server 204. The request resolution indicates anacceptance or denial of the request. The parental control server 204receives the request resolution and updates the consent database 208with the request resolution information. The parental control server 204customizes the parental controls by updating the allow/block list forthe client 202 in the setting database 208 to reflect the requestresolution. If the request resolution indicates acceptance, the actionis added to the user's allow list. On the other hand, if the requestresolution indicates denial, the action is added to the block list.Preferably, the denied action is not added to the block list if theaction was previously blocked. In accordance with the illustratedembodiment, the parental control server 204 transmits a requestresolution notification through the Internet to the client 202. In analternative embodiment, the request resolution notification is providedwhen the client 202 is detected logging onto the parental control server204. The parental control server 204 queries the consent database 208and notifies the client 202 if any newly resolved requests are found.

FIG. 5C is a block diagram illustrating use of customized parentalcontrols provided by the updated allow/block list. As illustrated inFIG. 5C, the client 202 is allowed to perform action B, which waspreviously blocked. In FIG. 5C the client 202 is allowed to performaction B by virtue of the customized parental controls in the allowedblock list in the setting database 206. In FIG. 5C, the client 202submits a request to take action B. The request for action B istransmitted through the Internet 100 to the parental control server 204.The parental control server 204 utilizes the allow/block list in thesetting database 206 to determine if the user (i.e., the person loggingonto the client 202) is allowed to take action B. Since action B hasbeen added to the user's allow list, thereby customizing the parentalcontrols, the user is allowed to take action B. As discussed earlier,action B can include any online action. For example, action B may be touse an Internet service, such as the instant messenger 212 and thee-mail 218. Or, action B may be to the content providers 214 and 216 Websites. In one implementation of the present invention, the client 202 isa child of the other client 220. FIGS. 3, 4A, 4B, and 5A-5C, illustrateone exemplary embodiment of the present invention for enabling a user(i.e., a child) and an administrator (i.e., a parent) to interactivelycustomize the allow/block list used for filtering the user's onlineactions.

FIG. 7A illustrates an exemplary data structure used to create an entryin the consent database 208. The illustrated consent database entry datastructure 702 includes a plurality of data elements, namely, for aunique request ID 704, an administrator ID 706, a user ID 708, an action710, a URL requested 712, an e-mail address requested 714, a status 716,an amount of time requested 718, and an amount of time unused 720. Theunique request ID 704 includes information that uniquely identifies therequest. For example, the unique request ID 704 can be a globally uniqueidentifier (GUID) generated by the parental control system 200. Theadministrator ID 706 includes information for identifying theadministrator. For example, the administrator ID 706 can be a passwordused by the administrator when logging on to the Internet 100. Theaction 710 includes information about the action associated with therequest. The action can be any online action that a user requestsconsent to perform, such as visiting a Web site, downloading a file,having more time online, sending an e-mail, and sending an instantmessage. Additionally, the action can be one the administrator hasrequested to be allowed or blocked using the history integration featureof the present invention, which is discussed below in with reference toFIGS. 15 and 16. The URL requested 712 includes information about anaddress for a resource on the network, such as a Uniform ResourceLocator for a resource on the Internet 100. The e-mail address requested714 includes information about the address of an e-mail recipient. Ane-mail address is a string that identifies a user so that the user canreceive Internet e-mail. An e-mail address typically consists of a namethat identifies the user to the mail server, followed by an at sign (@)and the host name and domain name of the mail server. The status 716includes information about the status of the request, such as pending,resolved, accepted, denied, and reviewed. The amount of time requested718 includes information about a request associated with an allottedamount of time the user is allowed online. The amount of time unused 720includes information about the amount of time online that the user stillhas available.

FIG. 7B illustrates a few of the many possible requested online actions752 for customizing the parental controls using the present invention.For example, the user requested actions can include a Web site requestfrom user 754, an e-mail address book entry request from user 756, amessenger buddy list entry request from user 758, a file downloadrequest from user 760, a more time online request from user 762, a runapplication request from user 764, an install application request fromuser 766, a view movie request from user 768, a play game request fromuser 770, and an access shared resource request from user 772 (e.g., afile server or printer). Some of the administrator requested onlineactions can include an allow or block Web site request fromadministrator 774, an allow or block e-mail address entry request fromadministrator 776, an allow or block buddy messenger list entry requestfrom administrator 778, an allow or block file download request fromadministrator 780, an allow or block more time online request fromadministrator 782, an allow or block run application request fromadministrator, an allow or block install application request fromadministrator 786, an allow or block view movie request fromadministrator 788, an allow or block access play game request fromadministrator 790, and an allow or block access shared resource requestfrom administrator 792. The administrator requests for allowing andblocking actions are discussed below with reference to FIGS. 15 and 16,which illustrate the history integration feature of the presentinvention.

FIG. 8 is an overview flow diagram illustrating the logic utilized bythe parental controls system 200 in accordance with one embodiment ofthe present invention. The parental controls routine 800 illustrated inFIG. 8 begins at block 802 and proceeds to decision block 804. Atdecision block 804, a test is made to determine whether or not a requesthas been received from the user for consent to perform a blocked onlineaction. If at decision block 804, it is determined that a request hasbeen received from the user, routine 800 proceeds to block 806. At block806, routine 800 creates an entry in the consent database 208 for therequest. If at decision block 804, it is determined that a request fromthe user has not been received, routine 800 cycles back until a requestis received. After creating the entry in the consent database 208 forthe request at block 806, routine 800 proceeds to decision block 808. Atdecision block 808, a test is made to determine whether a requestresolution has been received from the administrator. If it is determinedat decision block 808 that a request resolution was not received fromthe administrator, routine 800 cycles back until a request resolution isreceived from the administrator. If it is determined at decision block808 that a request resolution was received from the administrator,routine 800 proceeds to block 810. At block 810, routine 800 updates theconsent database 208 with the request resolution information. Afterupdating the consent database 208, routine 800 proceeds to block 812 toupdate the user's allow/block list to correspond with the requestresolution. After updating the user's allow/block list to correspondwith the request resolution, routine 800 ends.

FIG. 9 is a flow diagram illustrating routine 900 for receiving arequest from a user and creating an entry in the consent database 208 inaccordance with one embodiment of the present invention. (Blocks 804 and806 of FIG. 8.) Routine 900 starts at block 902 and proceeds to decisionblock 904, where a test is made to determine if the user has beenblocked from performing an online action. For example, in one embodimentof the present invention, the computer determines if the user's allowedtime online is about to expire. If so, the user is notified that theallowed time online is about to expire. If at decision block 904 it isdetermined that the user was not blocked from performing an onlineaction, routine 900 cycles back until decision block 904 tests positive.If at decision block 904, it is determined that the user was blockedfrom performing an online action, routine 900 proceeds to decision block906. For example, at decision block 906, a test is made to determine ifthe administrator is present. In one embodiment of the presentinvention, the user is prompted with a query as to whether theadministrator is present for instant approval of the user's request. Ifat decision block 906, it is determined that the administrator ispresent, routine 900 proceeds to the instant approval routine. Theinstant approval routine is described below with reference to FIG. 13.If at decision block 906, it is determined that the administrator is notpresent, routine 900 proceeds to decision block 908.

At decision block 908, a test is made to determine if the user wouldlike to submit a request for consent from the administrator to performthe blocked online action. If at decision block 908, it is determinedthat the user does not want to submit the consent request, routine 900cycles back to decision block 904 and the above steps are repeated. Ifat decision block 908, it is determined that a user request for consentwas received, routine 900 proceeds to block 910 where informationrelated to the request is collected. In one embodiment of the presentinvention, routine 900 collects the data related to the request that wasdescribed above with reference to data structure 700 shown in FIG. 7A.For example, routine 900 collects data related to the request, includingthe administrator ID, the user ID, and the action requested. If therequest is related to accessing a resource on the Internet, routine 900collects the URL requested. Similarly, if the request is related tosending or receiving an e-mail, routine 900 collects the e-mail address.Likewise, if the request is related to having more time online, routine900 collects information about the amount of time requested and theamount of time unused.

After collecting the data related to the request at block 910, routine900 proceeds to block 912 and creates an entry in consent database 208for the request. In one embodiment, routine 900 creates the entry usingthe data structure 700 described above with reference to FIG. 7A. Aftercreating the entry in the consent database 208 for the request, routine900 proceeds to block 914. In one embodiment of the present invention,routine 900 sends the administrator notification of the pending request.The notification can be sent utilizing any of the various ways known bythose of ordinary skill in the art. For example, the notification can besent via e-mail and instant messaging. The pending request notificationsent to the administrator may include an element linked to a Web site.The administrator can navigate to the Web site by clicking on the linkedelement in the pending request notification. The Web site displaysinformation about the pending request. In yet other embodiments of thepresent invention, the administrator is provided notification of thepending request at the time the administrator logs on, as describedbelow with reference to FIG. 10.

FIG. 10 illustrates a routine 1000 for notifying the administrator of apending request in accordance with one embodiment of the presentinvention. Routine 1000 starts at block 1002 and proceeds to decisionblock 1004 where a test is made to determine if the administrator hasbeen detected logging on. If at decision block 1004, it is determinedthat the administrator was not detected logging on, routine 1000 cyclesback until decision block 1004 tests positive. If at decision block1004, it is determined that the administrator was detected logging on,routine 1000 proceeds to block 1006. At block 1006, routine 1000searches the consent database 208 for a pending request from the userfor consent to perform a blocked online action. After searching theconsent database 208 for a pending request at block 1006, routine 1000proceeds to decision block 1008. At decision block 1008, a test is madeto determine if a pending request from the user was found in the consentdatabase 208. If at decision block 1008, a pending request is not foundin consent database 208, routine 1000 cycles back to decision block 1004and the above described steps are repeated. If at decision block 1008, apending request is found in the consent database 208, routine 1000proceeds to block 1010 where the administrator is sent notification ofthe pending request. The consent database 208 may contain multiplepending requests. If so, multiple pending requests will be found atdecision block 1008 and the administrator will be sent notification ofthe multiple pending requests. After sending notification to theadministrator of the pending request, routine 1000 cycles back todecision block 1004 and the above described steps are repeated.

FIG. 11 illustrates routine 1100 for resolving a request in accordancewith one embodiment of the present invention. Routine 1100 begins atblock 1102 and proceeds to decision block 1104, where a test is made todetermine whether or not a request from the administrator to review thepending request has been received. If at decision block 1104, it isdetermined that no request from the administrator was received, routine1100 cycles back until decision block 1104 tests positive. If atdecision block 1104, it is determined that a request from theadministrator was received, routine 1100 proceeds to decision block1106. At decision block 1106, a test is made to determine if the consentdatabase 208 contains any pending request. If at decision block 1106, itis determined that there is no pending request in the consent database208, routine 1100 cycles back to decision block 1104 and theabove-described steps are repeated. If at decision block 1106, it isdetermined that there is a pending request in the consent database 208,routine 1100 proceeds to block 1108. At block 1108, routine 1100displays the pending request information to the administrator.

After displaying the pending request to the administrator at block 1108,routine 1100 proceeds to decision block 1110 where a test is made todetermine if the administrator accepts the pending request. If atdecision block 1110, it is determined that the administrator acceptedthe pending request, routine 1100 proceeds to block 1112. At block 1112,routine 1100 updates the consent database 208 to indicate that therequest was accepted. After updating the consent database 208 toindicate the request was accepted in block 1112, routine 1100 proceedsto block 1114. At block 1114, routine 1100 sends the user notificationof the accepted request. Those of ordinary skill in the art willappreciate that notifications may be sent utilizing any of the variousmethods for exchanging messages over a network known in the art, such ase-mail and instant messaging. After sending the user notification of theaccepted request at block 1114, routine 1100 proceeds to block 1122 tocustomize controls, which is described below with reference to FIG. 12.Alternatively, another embodiment of the present invention notifies theuser of the resolved request when the user is detected logging on. Inthe alternative embodiment, the consent database 208 is queried fornewly resolved requests, and the user is notified if any newly resolvedrequest is found.

If at decision block 1110, it is determined that the administrator didnot accept the pending request, routine 1100 proceeds to decision block1116 where a test is made to determine if the administrator denies thepending request. If at decision block 1116, it is determined that theadministrator did not deny the pending request, routine 1100 cycles backto decision block 1104 and the above described steps are repeated. If atdecision block 1116, it is determined that the administrator denied thepending request, routine 1100 proceeds to block 1118 and updates theconsent database 218 to indicate that the request was denied. Afterupdating the consent database 208 to indicate that the request wasdenied, routine 1100 proceeds to block 1120. At block 1120, routine 1100sends the user notification that the request was denied by theadministrator. For example, the user may be sent an e-mail or instantmessage indicating that the request was denied. After sending the usernotification of the denied request in block 1120, routine 1100 proceedsto block 1122 to perform a customize controls. As described above, analternative embodiment notifies the user of the resolved request whenthe user is detected logging on. After sending the user notification ofthe denied request in block 1120, routine 1100 proceeds to block 1122 tocustomize controls, which is described below with reference to FIG. 12.

FIG. 12 illustrates routine 1200 for customizing controls in accordancewith one embodiment of the present invention. Routine 1200 begins atblock 1202 and proceeds to decision block 1204, where a test is made todetermine if the user has been detected logging on. If at decision block1204, the user was not detected logging on, routine 1200 cycles backuntil decision block 1204 tests positive. If at decision block 1204, adetermination is made that the user was detected logging on, routine1200 proceeds to block 1206. At block 1206, routine 1200 queries theconsent database 208 for a newly resolved request. After querying theconsent database 208 for a newly resolved request at block 1206, routine1200 proceeds to decision block 1208. At decision block 1208, a test ismade to determine if any newly resolved request was found in the consentdatabase 208. If at decision block 1208, it is determined that no newlyresolved request was found in the consent database 208, routine 1200cycles back to decision block 1204 and the steps described above arerepeated. If at decision block 1208, it is determined that a newlyresolved request was found in consent database 208, routine 1200proceeds to decision block 1210. At decision block 1210, a test is madeto determine whether or not the newly resolved request was accepted bythe administrator. If at decision block 1210, it is determined that thenewly resolved request was accepted, routine 1200 proceeds to block1212. At block 1212, the action associated with the newly resolvedrequest is added to the user's allow list in the setting database 206.In different embodiments of the present invention, all or a portion ofthe user's allow list may be downloaded to the user's client machine.Downloading all or a portion of the user's allow list may enhanceperformance, as well as providing more effective controls at a lowerlevel. By adding the action to the user's allow list, the presentinvention has customized the administrator controls used for filteringthe user's online actions to allow the user to perform a previouslyblocked online action. After adding the action associated with the newlyresolved request to the user's allow list at block 1212, routine 1200proceeds to block 1214. At block 1214, routine 1200 sends the usernotification of accepted request, which may be accomplished usinge-mail, instant messaging, and any other conventional method ofexchanging messages over a network. After notifying the user of theaccepted request, routine 1200 is completed.

If, at decision block 1210, it is determined that the newly resolvedrequest was not accepted, routine 1200 proceeds to block 1216. At block1216, routine 1200 adds the requested action to the user's block list.An alternative embodiment of the present invention does not add theaction associated with the denied request from the user to the user'sblock list if the user was already blocked from performing the action.After adding the requested action to the user's block list at block1216, routine 1200 proceeds to block 1218. At block 1218, the user issent notification that the request was denied and routine 1200 iscompleted.

FIG. 13 illustrates a routine 1300 for providing instant approval inaccordance with one embodiment of the present invention. As describedabove with reference to FIG. 9, the instant approval routine 1300 isperformed when it has been determined that the user was blocked fromperforming an online action and the administrator is present. Routine1300 starts at block 1302 and proceeds to block 1304, where theadministrator's password is obtained. The password includes a string ofcharacters entered by an administrator to verify his or her identity tothe network. After obtaining the administrator's password in block 1304,routine 1300 proceeds to block 1306. At block 1306, routine 1300authenticates the administrator without logging out the user. In oneembodiment, routine 1300 authenticates the administrator by comparingthe password against a stored list of authorized passwords and users anddetermining that the password is legitimate. After authenticating theadministrator without logging out the user, routine 1300 proceeds toblock 1308 where the user's request is displayed to the administrator.After displaying the user's request to the administrator in block 1308,routine 1300 proceeds to decision block 1310. In decision block 1310, atest is made to determine whether the administrator has accepted theuser's request. If at decision block 1310, it is determined that theuser's request was accepted by the administrator, routine 1300 proceedsto block 1312. At block 1312, the action associated with the acceptedrequest is added to the user's allow list in the setting database 206.In different embodiments of the present invention, all or a portion ofthe user's allow/block list may be downloaded to the user's clientcomputer. Downloading all or part of the user's allow/block list mayenhance performance, as well as providing more effective controls at alower level on the user's client computer. By adding the requestedaction to the user's allow list, the administrator customizes the user'sonline actions filter to allow the user to perform a previously blockedonline action. After adding the requested action to the user's allowlist, routine 1300 proceeds to block 1314, where the administrator islogged out. After logging out the administrator at block 1314, routine1300 proceeds to block 1316 and the user is allowed to perform thepreviously blocked action for which the user requested instant approval.After allowing the user to perform the requested online action at block1316, instant approval routine 1300 is completed at block 1324.

If at decision block 1310, it is determined that the administrator didnot accept the user's request, routine 1300 proceeds to block 1318. Atblock 1318, routine 1300 adds a requested action to the user's blocklist. An alternative embodiment of the present invention does not addthe action associated with the denied request from the user to theuser's block list if the user was already blocked from performing theaction. As described above, other embodiments of the present inventiondownload all or a portion of the user's allow/block list to the user'sclient computer. Downloading all or part of the user's allow/block listmay enhance performance and provide more effective controls at a lowerlevel on the user's client computer. After adding the requested actionto the user's block list in block 1318, routine 1300 proceeds to block1320, where the administrator is logged out. After logging out theadministrator at block 1320, routine 1300 proceeds to block 1322, wherethe user is blocked from performing the requested action. Routine 1300is completed at block 1324.

FIG. 14 illustrates a routine 1400 for generating a history summaryreport in accordance with one embodiment of the present invention.Routine 1400 begins at block 1402 and proceeds to decision block 1404,where a test is made to determine if the user has been detected loggingon. If at decision block 1404, the user is not detected logging on,routine 1400 cycles back until decision block 1404 tests positive. If atdecision block 1404, a determination is made that the user was detectedlogging on, routine 1400 proceeds to block 1406. At decision block 1406,a test is made to determine if the administrator is to receive thehistory summary report. In one embodiment of the present invention, theparental controls settings in the setting database 206 indicate whetheror not the administrator wishes to receive a history summary report.Those of ordinary skill in the art will appreciate that there are manyways to determine if the administrator requests receiving a historysummary report. For example, the administrator may be queried as towhether or not the administrator wishes to receive a history summaryreport.

If at decision block 1406, it is determined that the administrator isnot to receive the history summary report, routine 1400 cycles back todecision block 1404 and the above described steps are repeated. If atdecision block 1406, it is determined that the administrator is toreceive the history summary report, routine 1400 proceeds to block 1408.At block 1408, routine 1400 tracks the user's actions while the user isonline. After tracking the user's online actions at block 1408, routine1400 proceeds to block 1410 where the user's history summary informationis stored. After storing the user's history summary information at block1410, routine 1400 proceeds to decision block 1412.

At decision block 1412, a test is made to determine if it is time togenerate the history summary report. In one embodiment of the presentinvention, the history summary report is generated periodically. Inanother embodiment, the history summary report is generated when it hasbeen seven days or more since the last history summary report wasgenerated. If at decision block 1412, it is determined that it is nottime to generate the history summary report, routine 1400 cycles back todecision block 1404 and the steps described above are repeated. If atdecision block 1412, it is determined to be time to generate the historysummary report, routine 1400 proceeds to block 1414 and obtains storedhistory summary information. After obtaining the history summaryinformation at block 1414, routine 1400 proceeds to block 1416 andgenerates the history summary report.

FIG. 17 is a screen diagram illustrating an exemplary history summaryreport implemented as a Web page using a markup language, such ashypertext markup language (html) and extensible Markup Language (“XML”).Those of ordinary skill in the art will appreciate that the presentinvention may be practiced using any conventional methods for generatingand presenting reports without varying from the scope of the presentinvention.

Returning to FIG. 14, after generating the history summary report atblock 1416, routine 1400 proceeds to block 1418. At block 1418, thehistory summary report is sent to the administrator. After sending thehistory summary report to the administrator in block 1418, routine 1400proceeds to block 1420 and clears the stored history summaryinformation. After clearing the stored history information at block1420, routine 1400 cycles back to decision block 1404 and theabove-described steps are repeated.

FIGS. 15 and 16 illustrate the history integration routines 1500 and1600 in accordance with one embodiment of the present invention.Generally described, the history integration feature of the presentinvention enables the administrator to review the user's online historyto determine if the controls need to be modified. For example, if inreviewing the user's online history information, the administratordetermines that the user was allowed to take an inappropriate action,the administrator can customize the controls to block the user fromperforming inappropriate action in the future using the historyintegration feature of the present invention. In one embodiment of thepresent invention, the administrator is provided history summaryinformation that includes an option for reviewing an online actionincluded in the history summary information. For example, theadministrator can select the option to visit a Web site included in thehistory summary information.

FIG. 15 illustrates the portion of the history integration feature withwhich the administrator interacts. FIG. 15 illustrates a routine 1500,which starts at block 1502 and proceeds to decision block 1504, where atest is made to determine if the administrator has been detected loggingon. If at decision block 1504, it is determined that the user has notbeen detected logging on, routine 1500 cycles back until decision block1504 tests positive. If at decision block 1504, it is determined thatthe administrator was detected logging on, routine 1500 proceeds todecision block 1506. At decision block 1506, a test is made to determineif the administrator has requested the user's history summaryinformation. If, at decision block 1506 it is determined that theadministrator has not requested the user's history summary information,routine 1500 cycles back to decision block 1504 and the above-describedsteps are repeated. If, at decision block 1506, it is determined thatthe administrator has requested the user's history summary, routine 1500proceeds to block 1508 and displays the user's history summaryinformation to the administrator.

After displaying the user's history summary information to theadministrator at block 1508, routine 1500 proceeds to decision block1510. At decision block 1510, a test is made to determine if a requesthas been received from the administrator to modify the controls thatfilter the user's online actions. If at decision block 1510, it isdetermined that the administrator does not wish to modify the controls,routine 1500 cycles back to decision block 1504 and the above-describedsteps are repeated. If at decision block 1510, it is determined that arequest has been received from the administrator to modify the controls,routine 1500 proceeds to block 1512. At block 1512, routine 1500collects data related to the administrator's request. After collectingdata related to the administrator's request at block 1512, routine 1500proceeds to block 1514. At block 1514, routine 1500 creates an entry inthe consent database 208 that responds to the administrator's request.After creating the entry in the consent database 208 that responds tothe administrator's request at block 1514, routine 1500 cycles back todecision block 1504 and the above-described steps are repeated.

FIG. 16 illustrates the portion of the history integration feature thatupdates the user's allow or block list. FIG. 16 illustrates a routine1600, which starts at block 1602 and proceeds to decision block 1604,where a test is made to determine if the user has been detected loggingon. If at decision block 1604, it is determined that the user was notdetected logging on, routine 1600 cycles back until decision block 1604tests positive. If at decision block 1604, the user is detected loggingon, routine 1500 proceeds to block 1606. At block 1606, routine 1600queries the consent database 208 for a new administrator request tomodify the controls that filter the user's online actions.

After querying the consent database 208 for a new administrator requestat block 1606, routine 1600 proceeds to decision block 1608. At decisionblock 1608, a test is made to determine if any new administratorrequests were found in the consent database 208. If at decision block1608, it is determined that no new administrative request was found inthe consent database 208, routine 1600 cycles back to decision block1604 and the above-described steps are repeated. If at decision block1608, it is determined that a new administrator request was found in theconsent database 208, routine 1600 proceeds to decision block 1610. Atdecision block 1610, a test is made to determine if the newadministrator request is for allowing the user to perform a previouslyblocked action.

If at decision block 1610, it is determined that the new administratorrequest is to allow the user to perform a previously blocked action,routine 1600 proceeds to block 1612. At block 1612, routine 1600 addsthe action associated with the administrator's request to the user'sallow list. In other embodiments of the present invention, all or aportion of the user's allow list is downloaded to the user's clientcomputer for improved performance and more effective control at a lowerlevel on the user's client computer. By adding the action to the user'sallow list, the user's controls are customized to allow the user toperform the previously blocked action. After adding the action to theuser's allow list at block 1612, routine 1600 cycles back to decisionblock 1604 and the above-described steps are repeated.

If at decision block 1610, it is determined that the new administratorrequest was not for allowing the user to perform a previously blockedaction, routine 1600 proceeds to block 1614. At block 1614, the actionassociated with the administrator request is added to the user's blocklist. By adding the action to the user's block list, the controls forfiltering the user's online actions are customized to not allow the userto perform an action that was previously allowed, as indicated in thehistory summary information displayed to the administrator. After addingthe action to the user's block list in block 1614, the user will nolonger be allowed to perform the online action associated with theadministrator's request. After adding the action associated with theadministrators request to the user's block list, routine 1600 cyclesback to decision block 1604 and the above-described steps are repeated.

While the above description of the present invention has been describedas a interactions between a child user and a parent administrator of anetwork, the present invention is not limited to any specific user andadministrator relationship. For example, the relationship can be anemployee and employer relationship. The parental control system providesthe advantages of enabling an administrator (parent/employer) and user(child/employee) to interactively customize the controls that are usedfor filtering the user's actions across a network.

With reference once again to FIG. 2, in an alternative embodiment of thepresent invention, the components of the parental controls system may beimplemented as distributed software components accessible via thecommunication network 100. An example of a distributed applicationdevelopment and execution platform is the Microsoft® .NET platform fromMicrosoft Corporation of Redmond, Wash. Generally described, theMicrosoft .NET platform is an application programming and executionplatform that provides write-once, compile-once, run-anywhereapplication development. Microsoft .NET platform applications may becreated in any language as long as they are compiled by a compiler thattargets the Microsoft .NET universal runtime (“URT”), also known as thecommon language runtime engine. Such a compiler compiles .NETapplications into intermediate language (“IL”), rather than directlyinto executable code.

To execute a .NET platform application, the compiled IL is interpreted,or “just-in-time” compiled, by the URT into native machine instructions.The native machine instructions can then be directly executed by theCPU. The Microsoft .NET platform also includes a base library thatcomprises a large set of class libraries and services. These librariesand services provide access to the features of the URT, and otherhigh-level services, so that software developers do not have to code thesame services repeatedly. Although the present invention may beapplicable with regard to a .NET platform implementation, the presentinvention may also be implemented in alternative platform environments.

While the illustrative embodiments of the invention have beenillustrated and described, it will be appreciated that various changescan be made therein without departing from the spirit and scope of theinvention. For example, one skilled in relevant art will appreciate thatthe parental control system may incorporate interfaces conforming to thesimple object access protocol (“SOAP”) and the like. All such claims areconsidered to be within the scope of the present invention.

1. A computer system for enabling a user and administrator of a networkto interactively customize the administrator controls used to filter theuser's online actions, the computer system comprising: a settingdatabase component for storing information about the administratorscontrols being used to filter the user's online actions; and anadministrator control component for: tracking and storing the user'sallowed and blocked online actions; generating a history summary reportfrom the stored information; providing the history summary report to theadministrator; receiving an administrator request to block the user fromperforming a first action indicated as being allowed in the historysummary report; and updating the administrator controls for the user toinclude blocking the first action.
 2. The system of claim 1, wherein theadministrator control component also: receives an administrator requestto allow a second action indicated as being blocked in the historysummary report; and updates the administrator controls for the user toinclude allowing the second action.
 3. The system of claim 1, whereinthe administrator control component also prevents the user frommodifying the stored history summary information.
 4. The system of claim1, wherein the administrator control component also clears the storedinformation after generating the history summary report.
 5. The systemof claim 1, wherein the administrator control component generates thehistory summary report periodically.
 6. The system of claim 1, whereinthe administrator control component generates the history summary reportin response to receiving an administrator request for the historysummary report
 7. The system of claim 1, wherein the history summaryreport includes information about one of: (a) web sites the user wasallowed to visit; (b) web sites the user was blocked from visiting; (c)electronic mail sent by the user; (d) electronic mail that the user wasblocked from sending; (e) buddies with whom said user was allowed tohave instant messenger conversations; (f) buddies with whom said userwas blocked from having instant messenger conversations; (g) files theuser was allowed to download; (h) files the user was blocked fromdownloading; (i) the user's amount of time online; (j) applications theuser was allowed to run; (k) applications the user was blocked fromrunning; (l) applications the user was allowed to install; (m)applications the user was blocked from installing; (n) movies the userwas allowed to view; (o) movies the user was blocked from viewing; (p)games the user was allowed to play; (q) games the user was allowed toplay; (q) shared resources the user was allowed to access; and (r)shared resources the user was blocked from accessing.
 8. The system ofclaim 1, wherein the history summary report information is sorted by thefrequency of the user's online activity.
 9. The system of claim 1,wherein the user is the administrator's child.
 10. The system of claim1, wherein history summary report includes an option for reviewing anonline action in the history summary report.
 11. The system of claim 10,wherein the administrator control component also navigates to a Web sitein response to the administrator selecting the option for reviewing anonline action included in the history summary report.
 12. The system ofclaim 10, wherein the administrator control component also sends anelectronic mail message in response to the administrator selecting theoption for reviewing an online action in the history summary report. 13.The system of claim 10, wherein the administrator control component alsosends an instant message in response to the administrator selecting theoption for reviewing an online action in the history summary report. 14.The system of claim 10, wherein the administrator control component alsodownloads a file in response to the administrator selecting the optionfor reviewing an online action in the history summary report.
 15. Thesystem of claim 1, further comprising: a consent database component forstoring information about a user request to perform a blocked onlineaction, wherein the administrator control component also storesinformation about the administrator request to block the user fromperforming the first action and information about the administratorrequest to allow the second action in a consent database.
 16. The systemof claim 15, wherein the consent database resides in the networkenvironment.
 17. The system of claim 15, wherein the administratorcontrol component also: detect the user logging onto the networkenvironment; search the consent database for a new administratorrequest; and if a new administrator request is found, download at leasta portion of the administrator controls to the user's local computer.18. The system of claim 15, wherein if a new administrator request isfound, the administrator control component also notifies the user of thenew administrator request.